Re: iptables and domain services...

To: "Noah L. Meyerhans" <frodo@morgul.net>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: iptables and domain services...
From: Jason Healy <jhealy@logn.net>
Date: Thu, 19 Apr 2001 15:59:14 -0400
Message-id: <[🔎] 20010419155914.A10319@logn.net>
In-reply-to: <[🔎] 20010419154947.I30613@morgul.net>; from frodo@morgul.net on Thu, Apr 19, 2001 at 03:49:47PM -0400
References: <[🔎] sadf018e.050@sparton.ca> <[🔎] 20010419154947.I30613@morgul.net>

At 987713387s since epoch (04/19/01 15:49:47 -0400 UTC), Noah L. Meyerhans wrote:

> If you run 'netstat -ulp' (as root, of course) you'll find that bind is
> listening on some high port.  If you allow UDP on ports > 1024 you should 
> be all set.

Or, if you don't feel like opening all 64,000+ of those ports, try a rule
like:

iptables -A INPUT -p UDP --source-port domain -j ACCEPT

Since DNS requests will appear to come from port 53 (domain), this rule lets
all such responses in.  For added sanity you could ensure that the
destination port is above 1024.

Jason

--
Jason Healy    |     jhealy@logn.net
LogN Systems   |   http://www.logn.net/

Reply to:

Follow-Ups:
- Re: iptables and domain services...
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

References:
- iptables and domain services...
  - From: "Janet Post" <j.post@sparton.ca>
- Re: iptables and domain services...
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: Re: Where can I get ssh2 ?
Next by Date: Re: firewall log messages
Previous by thread: Re: iptables and domain services...
Next by thread: Re: iptables and domain services...
Index(es):
- Date
- Thread